libcairo -- integer overflow

2008-04-09T00:00:00
ID DSA-1542
Type debian
Reporter Debian
Modified 2008-04-09T00:00:00

Description

Peter Valchev (Google Security) discovered a series of integer overflow weaknesses in Cairo, a vector graphics rendering library used by many other applications. If an application uses cairo to render a maliciously crafted PNG image, the vulnerability allows the execution of arbitrary code.

For the stable distribution (etch), these problems have been fixed in version 1.2.4-4.1+etch1.

For the unstable distribution (sid), these problems have been fixed in version 1.4.10-1.1.

We recommend that you upgrade your libcairo packages.